Loading a Windows 7 User Tile using the picture in Active Directory

The Explanation

Back in 2010 as Microsoft was putting the finishing touches on Office 2010, the Microsoft Exchange team mentioned that it was going to possible to show pictures in Outlook 2010. They also talked about how these pictures could be loaded directly into Active Directory and Outlook would be able to pull them from the directory. It didn’t take me long to make the required schema change on our network at work and load a few pictures in for testing. Once I updated our system to support Windows 2008 domain controllers, the display of pictures in the beta version of Outlook started working perfectly.

Even before I got the picture display to work in Outlook, I started wondering if it would be possible to make Windows 7 automatically load those pictures for its User Tile (I actually even asked the question on the blog post by the MS Exchange Team). It seemed that this wasn’t possible. Supposedly the fact that this was desired was passed on to the Windows team, but even after Windows 7 SP1 came out there didn’t seem to be any official support for this feature. And as far as I can tell, none is forthcoming.

The other day, I happened across a post by a guy named Joco where he detailed an undocumented API in Windows 7 that sets the User Tile. He also included some sample C# code that you can execute with command line arguments for the username and the picture location. However, I want to load the pictures directly from AD and I’ve done most of my “programming” in Visual Basic, not C#. So, I took his sample code, translated the API declaration to VB and added some code to retrieve the picture from Active Directory.

The Executable File

For simplicity, I’m providing an executable file already compiled against .Net 3.5 (which comes with Windows 7). This executable is signed by a CA Cert code signing certificate. If you do not have their root certificates installed, Windows will tell you that it’s an invalid signature.

To use this file, it can be simply be run by the user. You can launch this automatically as part of a login script (which is how I use it). The logic script application I use also allows me to hide any output so the DOS box never gets seen by our users.

Source code and some basic directions for using it can be found after the break.

The VB.net Code

This code was written using the free Visual Basic 2010 Express. Once you have that installed, you can create a new Console Application named “setUserTile”.

From the “Project” menu, select “Add Reference…”

And add a reference to both “System.DirectoryServices” and “System.DirectoryServices.AccountManagement”.

NOTE: You may also wish to change the version of .Net for this application to 3.5, which is the version that ships with Windows 7. If you leave it at 4.0 (the default for VB.Net 2010) the application will only be able to run on systems that have installed v4.0 of the .Net framework.

Module setUserTile
' Undocumented API learned from http://joco.name/2010/12/06/i-discovered-the-new-windows-user-tile-api/<system .Runtime.InteropServices.DllImport("shell32.dll", EntryPoint:="#262", CharSet:=Runtime.InteropServices.CharSet.Unicode, PreserveSig:=False)> _
PrivateSub SetUserTile(ByVal strUserName AsString, ByVal intWhatever AsInteger, ByVal strPicPath AsString)' This is just to fool WordPress which thinks it's being helpful </system>EndSubSub Main()Dim strUser AsStringDim currentADUser As System.DirectoryServices.AccountManagement.UserPrincipalDim de As System.DirectoryServices.DirectoryEntryDim b()AsByteDim strTempFile AsStringDim stream As System.IO.FileStreamTry' The WindowsIdenty object can retrieve the current username (with domain), but not the AD Object' The "AccountManagement" object can retrieve the current user, but not the thumbnailPhoto' The "DirectoryEntry" object can retrieve the thumbnailPhoto, but not the current user' So we use all three objects...' The WindowsIdentity object to pass the full domain\username string to our API' And the "AccountManagement" object to tell the "DirectoryEntry" object which user to get the photo for
strUser = System.Security.Principal.WindowsIdentity.GetCurrent().Name
currentADUser = System.DirectoryServices.AccountManagement.UserPrincipal.Current
de =New System.DirectoryServices.DirectoryEntry("LDAP://"+ currentADUser.DistinguishedName)
b = de.Properties("thumbnailPhoto").ValueIf b IsNotNothingThen' We've got a picture... save it to %TEMP% ...
strTempFile = System.IO.Path.GetTempFileName
stream =New System.IO.FileStream(strTempFile, System.IO.FileMode.Create)
stream.Write(b, 0, b.Length)
stream.Close()' ... call our API ...
SetUserTile(strUser, 0, strTempFile)' ... and delete the temporary file.
System.IO.File.Delete(strTempFile)EndIfCatch ex As Exception
' Fail silentlyEndTryEndSubEndModule